Bravo List

Bravo List (http://www.bvlist.com/index.php)
-   Yuna Scatari Edition (YSE) (http://www.bvlist.com/forumdisplay.php?f=22)
-   -   Recover....password... (http://www.bvlist.com/showthread.php?t=731)

Nilsons 31st July 2008 17:20
Recover....password...
 
When i want'ed to recover my password i get link to email , and i need to follow to the link but when i push on the link it shows me
"The page cannot be found "

kp380lv 31st July 2008 21:46
you need e-mail sever

seb35 31st July 2008 23:20
post recover.php
just question you have added script class-input filter ?

Nilsons 1st August 2008 09:06
kp380lv i have email server.....

Recover.php
Code:

require "include/bittorrent.php";

dbconn();

if ($CURUSER)
newerr("Error", "You are logged in, you don't need this...");

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
  $email = trim($_POST["email"]);
  if (!$email)
    newerr("Error", "You must enter an email address");
  $res = sql_query("SELECT * FROM users WHERE email=" . sqlesc($email) . " LIMIT 1") or sqlerr();
  $arr = mysql_fetch_assoc($res) or stderr("Error", "The email address was not found in the database.\n");

        $sec = mksecret();

  sql_query("UPDATE users SET editsecret=" . sqlesc($sec) . " WHERE id=" . $arr["id"]) or sqlerr();
  if (!mysql_affected_rows())
          stderr("Error", "Database error. Please contact an administrator about this.");

  $hash = md5($sec . $email . $arr["passhash"] . $sec);

  $body = << Someone, hopefully you, requested that the password for the account
associated with this email address ($email) be reset.

The request originated from {$_SERVER["REMOTE_ADDR"]}.

If you did not do this ignore this email. Please do not reply.


Should you wish to confirm this request, please follow this link:

$DEFAULTBASEURL/recover.php?id={$arr["id"]}&secret=$hash


After you do this, your password will be reset and emailed back
to you.

--
$SITENAME
EOD;

  @mail($arr["email"], "$SITENAME password reset confirmation", $body, "From: $SITEEMAIL", "-f$SITEEMAIL")
    or newerr("Error", "Unable to send mail. Please contact an administrator about this error.");
  newerr("Success", "A confirmation email has been mailed.\n" .
    " Please allow a few minutes for the mail to arrive.");
}
elseif($_GET)
{
//        if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches))
//          httperr();

//        $id = 0 + $matches[1];
//        $md5 = $matches[2];

        $id = 0 + $_GET["id"];
  $md5 = $_GET["secret"];

        if (!$id)
          httperr();

        $res = sql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = $id");
        $arr = mysql_fetch_array($res) or httperr();

  $email = $arr["email"];

        $sec = hash_pad($arr["editsecret"]);
        if (preg_match('/^ *$/s', $sec))
          httperr();
        if ($md5 != md5($sec . $email . $arr["passhash"] . $sec))
          httperr();

        // generate new password;
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

  $newpassword = "";
  for ($i = 0; $i < 10; $i++)
    $newpassword .= $chars[mt_rand(0, strlen($chars) - 1)];

        $sec = mksecret();

  $newpasshash = md5($sec . $newpassword . $sec);

        sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));

        if (!mysql_affected_rows())
                newerr("Error", "Unable to update user data. Please contact an administrator about this error.");

  newerr("Success", "Your new password is $newpassword and a remind if you don't remember your login name, its {$arr["username"]}.");
}
else
{
        stdhead();
        ?>
       

Recover lost user name or password


       

Use the form below to have your password reset and your account details mailed back to you.
  (You will have to reply to a confirmation email.)


       

       
       
       
       
       
Registered email

                stdfoot();
}

?>

animezon 9th July 2009 15:39
hello
 
i need these tooooo i got the same erro

kp380lv 9th July 2009 21:35
Try my Nehalem code..should work for you.

Code:
/*recover.php modified by kp380lv*/

require "include/bittorrent.php";
dbconn();

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
  $email = trim($_POST["email"]);
  if (!$email)
    stderr($tracker_lang['error'], "You must enter an email address");
  $res = sql_query("SELECT * FROM users WHERE email=" . sqlesc($email) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
  $arr = mysql_fetch_assoc($res) or stderr($tracker_lang['error'], "The email address was not found in the database.\n");

    $sec = mksecret();

  sql_query("UPDATE users SET editsecret=" . sqlesc($sec) . " WHERE id=" . $arr["id"]) or sqlerr(__FILE__, __LINE__);
  if (!mysql_affected_rows())
      stderr($tracker_lang['error'], "Database error. Please contact an administrator about this.");

  $hash = md5($sec . $email . $arr["passhash"] . $sec);

  $body = << Someone, hopefully you, requested that the password for the account
associated with this email address ($email) be reset.

If you did not do this ignore this email. Please do not reply.

Should you wish to confirm this request, please follow this link:

$DEFAULTBASEURL/recover.php?confirm&id={$arr["id"]}&secret=$hash


After you do this, your password will be reset and emailed back to you.

--
$SITENAME
EOD;

    mail($arr["email"], "$DEFAULTBASEURL password reset confirmation from", $body, "From: $SITEEMAIL");
   
    stderr($tracker_lang['success'], "A confirmation email has been mailed.\n" .
        " Please allow a few minutes for the mail to arrive.");
}
elseif(isset($_GET['confirm']))
{
//    if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches))
//      httperr();

//    $id = 0 + $matches[1];
//    $md5 = $matches[2];

          if (!is_valid_id($_GET["id"]))
            stderr($tracker_lang['error'], $tracker_lang['invalid_id']);
     
     
  $id = 0 + $_GET["id"];
  $md5 = $_GET["secret"];

    $res = sql_query("SELECT username, email, passhash, editsecret FROM users WHERE id = $id");
    $arr = mysql_fetch_array($res) or stderr($tracker_lang['error'],"??? ???????????? ? ????? ID");

  $email = $arr["email"];

    $sec = hash_pad($arr["editsecret"]);
    if (preg_match('/^ *$/s', $sec))
  stderr($tracker_lang['error'],"Error");
    if ($md5 != md5($sec . $email . $arr["passhash"] . $sec))
  stderr($tracker_lang['error'],"Error");

    // generate new password;
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

  $newpassword = "";
  for ($i = 0; $i < 10; $i++)
    $newpassword .= $chars[mt_rand(0, strlen($chars) - 1)];

    $sec = mksecret();

  $newpasshash = md5($sec . $newpassword . $sec);

    sql_query("UPDATE users SET secret=" . sqlesc($sec) . ", editsecret='', passhash=" . sqlesc($newpasshash) . " WHERE id=$id AND editsecret=" . sqlesc($arr["editsecret"]));

    if (!mysql_affected_rows())
        stderr($tracker_lang['error'], "Unable to update user data. Please contact an administrator about this error.");

  $body = << As per your request we have generated a new password for your account.

Here is the information we now have on file for this account:

    User name: {$arr["username"]}
    Password:      $newpassword

You may login at: $DEFAULTBASEURL/login.php

--
$SITENAME
EOD;

      mail($email, "$DEFAULTBASEURL account details", $body, "From: $SITEEMAIL");
  stderr($tracker_lang['success'], "The new account details have been mailed to $email.\n" .
    "Please allow a few minutes for the mail to arrive.");
}
else
{
    stdhead("Recover lost user name or password");
    ?>
   
   
   
   
   
   
   
   
Recover user name or password
Use the form below to have your password reset and your account details mailed back to you.
    You will have to reply to a confirmation email.
Registered email

        stdfoot();
}
/*recover.php modified by kp380lv*/
?>

animezon 9th July 2009 22:00
error
 
Code:
Fatal error: Call to undefined function stderr() in /hsphere/local/home/myurl/recover.php on line 42
when i clink recover

/recover.php on line 102 when open the link on mail but ist does all the process and the pass the mail gives me dont work to login on the site, how fix these


All times are GMT +2. The time now is 15:46.

Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.